<?php
require_once('global.php');
require_once(R_P.'require/header.php');
require_once(R_P.'require/forum.php');
include_once(D_P.'data/bbscache/forumcache.php');
include_once(D_P.'data/bbscache/forum_cache.php');

// Group permission gate: visitors whose group lacks the 'show' right get the
// 'groupright_show' message instead of the gallery.
if (!$_G['show']) {
	Showmsg('groupright_show');
}

// Number of attachments listed on one page.
$db_showperpage = 16;

// Request parameters read by this script.
// NOTE(review): what filtering InitGP() applies is not visible here, and $fid /
// $tid are used further down without being listed — presumably global.php
// provides them; confirm both before trusting any of these values.
InitGP(array('pwuser','uid','action','type','page','aid'));

// Ids of forums whose attachments must stay hidden from this visitor.
$fidoff = array();

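// Build $fidoff: the forums this visitor may not see attachments from.
// A forum is excluded when it is hidden, password protected, has 'forumsell'
// set in its extra settings, or restricts visits to a group list that does not
// contain the visitor's group id.
$query = $db->query("SELECT f.fid,f.allowvisit,f.password,f.f_type,fe.forumset FROM pw_forums f LEFT JOIN pw_forumsextra fe ON fe.fid=f.fid WHERE f.type<>'category'");
while ($rt = $db->fetch_array($query)) {
	// NOTE(review): unserialize() can instantiate objects named in its input.
	// This is only acceptable while pw_forumsextra.forumset is written by
	// trusted code alone — confirm no user-controlled value is stored there.
	$forumset = $rt['forumset'] ? unserialize($rt['forumset']) : array();
	// An empty or corrupt forumset used to be indexed as a string or false,
	// which raises an error on current PHP; anything that is not an array now
	// simply means "no forumsell setting".
	$forumsell = is_array($forumset) && !empty($forumset['forumsell']);
	if ($rt['f_type']=='hidden' || $rt['password'] || $forumsell || ($rt['allowvisit'] && strpos($rt['allowvisit'],",$groupid,") === false)) {
		// Only numeric ids are kept, so the list is safe to compare against.
		is_numeric($rt['fid']) && $fidoff[] = $rt['fid'];
	}
}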

// $sqladd accumulates the WHERE clause for the attachment queries; "1" is the
// always-true starting condition.
$sqladd = "1";
if ($pwuser || is_numeric($uid)) {
	// Optional owner filter. A user name takes precedence over a numeric uid.
	// NOTE(review): $pwuser is placed inside a quoted SQL literal as received;
	// this relies on escaping done before this point (not visible in this
	// file) — confirm it is applied to every request value.
	$rt = $pwuser
		? $db->get_one("SELECT uid,username FROM pw_members WHERE username='$pwuser'")
		: $db->get_one("SELECT uid,username FROM pw_members WHERE uid='$uid'");
	if ($rt) {
		// From here on $uid is the value stored in pw_members, not the request value.
		$uid     = $rt['uid'];
		$owner   = $rt['username'];
		$sqladd .= " AND a.uid='$uid'";
	} else {
		// $errorname is set for the 'user_not_exists' message (presumably read
		// by the message template).
		$errorname = Char_cv($pwuser);
		Showmsg('user_not_exists');
	}
}

// Optional forum filter: only a positive numeric $fid is honoured.
if (is_numeric($fid) && $fid > 0) {
	// The comparison is intentionally loose: a strict one would treat '05' and
	// '5' as different ids while the SQL comparison below treats them as equal.
	$blocked = in_array($fid,$fidoff);
	if ($blocked) {
		Showmsg('forum_not_allow');
	}
	$sqladd .= " AND a.fid='$fid'";
	// Pre-select the chosen forum in the cached <option> list.
	$plainOption    = "<option value=\"$fid\">";
	$selectedOption = "<option value=\"$fid\" selected>";
	$forumcache = str_replace($plainOption,$selectedOption,$forumcache);
}

// Optional type filter: 1 = images only, 2 = everything except images.
// $type_1 / $type_2 carry the "selected" marker for the matching choice.
$type_1 = '';
$type_2 = '';
switch ($type) {
	case 1:
		$sqladd .= " AND a.type='img'";
		$type_1  = "selected";
		break;
	case 2:
		$sqladd .= " AND a.type!='img'";
		$type_2  = "selected";
		break;
}
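if(!$action){
	// ---- List mode: one page of attachments matching $sqladd ----
	// NOTE(review): $uid, $fid and $type appear in this URL as received from
	// the request whenever the checks above did not replace them; whether
	// numofpage() or the template escapes them is not visible here — confirm.
	$url = "show.php?uid=$uid&fid=$fid&type=$type&";
	(!is_numeric($page) || $page<1) && $page = 1;
	$limit = "LIMIT ".($page-1)*$db_showperpage.",$db_showperpage";
	$rt    = $db->get_one("SELECT COUNT(*) AS sum FROM pw_attachs a WHERE $sqladd");
	$pages = numofpage($rt['sum'],$page,ceil($rt['sum']/$db_showperpage),$url);

	// $showdb:   attachment rows of this page
	// $ttable_a: thread-message table name => ",tid,tid,..." to look up
	// $ptable_a: post table keys referenced by the threads found
	// $read:     tid => thread row, $repost: pid => reply row
	$showdb= $ttable_a = $ptable_a = $read = $repost = array();
	$pids  = '';
	$query = $db->query("SELECT a.aid,a.uid,a.attachurl,a.type,a.fid,a.tid,a.pid,a.name,a.needrvrc,a.descrip,a.ifthumb FROM pw_attachs a WHERE $sqladd ORDER BY aid DESC $limit");
	while($rt = $db->fetch_array($query)){
		$showdb[] = $rt;
		if ($rt['pid']) {
			$pids .= ','.$rt['pid'];
		}
		$ttable_a[GetTtable($rt['tid'])] .= ','.$rt['tid'];
	}
	// Load the thread (first post) each attachment belongs to, one query per
	// thread-message table. The id lists come from database rows, not from
	// the request.
	foreach($ttable_a as $pw_tmsgs=>$value){
		$value = substr($value,1);
		if ($value) {
			$query = $db->query("SELECT t.tid,t.fid,t.authorid,t.author as username,t.subject,t.ifcheck,t.ifshield,t.ptable,tm.content,tm.buy FROM pw_threads t LEFT JOIN $pw_tmsgs tm USING(tid) WHERE t.tid IN($value)");
			while($rt = $db->fetch_array($query)){
				$read[$rt['tid']] = $rt;
				$ptable_a[$rt['ptable']] = 1;
			}
		}
	}
	// Load the replies that carry attachments, from every post table in use.
	$pids = substr($pids,1);
	if ($pids) {
		foreach($ptable_a as $ptable=>$value){
			$pw_posts = GetPtable($ptable);
			$query = $db->query("SELECT pid,tid,fid,authorid,author as username,subject,ifcheck,ifshield,content,buy FROM $pw_posts WHERE pid IN($pids)");
			while($rt = $db->fetch_array($query)){
				$repost[$rt['pid']] = $rt;
			}
		}
	}

	// Per-attachment access decision. $flag stays false unless the owning
	// thread was found and every restriction below is satisfied.
	foreach ($showdb as $key => $rt) {
		$flag = false;
		if ($read[$rt['tid']]['fid']) {
			$flag = true;
			// Merge in the post the attachment hangs on: the reply when there
			// is one, otherwise the thread's first post.
			if ($rt['pid'] && $repost[$rt['pid']]) {
				 $rt = array_merge($rt,$repost[$rt['pid']]);
			} else {
				 $rt = array_merge($rt,$read[$rt['tid']]);
			}
			if (empty($rt['fid']) || empty($rt['tid']) || in_array($rt['fid'],$fidoff) || $rt['ifshield']=='2'){
				// Restricted forum or ifshield == 2: denied for every group.
				$flag = false;
			}elseif($groupid!='3' && $groupid!='4'){
				// Groups 3 and 4 skip the content-level checks below.
				if(!$rt['ifcheck'] || $rt['ifshield']){
					$flag = false;
				}elseif($rt['authorid']==$winduid){
					// The author always sees their own attachment.
					$flag = true;
				}elseif($rt['needrvrc']>$userrvrc){
					$flag = false;
				}elseif(strpos($rt['content'],"[post]") !== false && strpos($rt['content'],"[/post]") !== false){
					$flag = false;
				}elseif(strpos($rt['content'],"[hide") !== false && strpos($rt['content'],"[/hide]") !== false){
					// The pattern used to carry the 'e' modifier, which has no
					// meaning for preg_match() and is rejected by PHP 7+: the
					// call then failed, $rtu stayed empty and the threshold
					// test below let every visitor through. The check now
					// fails closed — no readable threshold means no access,
					// matching the single-attachment branch, which refuses any
					// [hide ...] content.
					if(preg_match("/\[hide=(.+?)\].+?\[\/hide\]/is",$rt['content'],$rtu) !== 1 || $userrvrc < $rtu[1]){
						$flag = false;
					}
				}elseif(strpos($rt['content'],"[sell") !== false && strpos($rt['content'],"[/sell]") !== false){
					// Paid content: only names listed in 'buy' may see it.
					if(strpos(','.$rt['buy'],','.$windid)===false){
						$flag = false;
					}
				}
			}
		}

		if ($flag == false){
			// 'none' tells the template not to expose the attachment URL.
			$rt['a_url'] = 'none';
		} else {
			$a_url = geturl($rt['attachurl'],'show');
			$rt['a_url'] = is_array($a_url) ? $a_url[0] : $a_url;
			$rt['ifthumb']==1 && $rt['a_url'] = str_replace($rt['attachurl'],'thumb/'.$rt['attachurl'],$rt['a_url']);
			!$rt['descrip'] && $rt['descrip'] = substrs($rt['subject'],20);
		}
		!$rt['pid'] && $rt['pid'] = 'tpc';
		$rt['fname'] = $forum[$rt['fid']]['name'];
		$showdb[$key] = $rt;
	}
	require_once PrintEot('show');footer();
} else{
	// ---- Single attachment mode ----
	// Both ids are only ever compared with id columns. Forcing them to
	// integers guarantees nothing but a number reaches the SQL string,
	// whatever escaping was or was not applied before this file.
	$aid = (int)$aid;
	$tid = (int)$tid;
	$pw_tmsgs = GetTtable($tid);
	$rt=$db->get_one("SELECT a.aid,a.uid,a.attachurl,a.type,a.fid,a.tid,a.pid,a.name,a.needrvrc,a.descrip,t.subject,t.ifcheck,t.ifshield,tm.content,m.username FROM pw_attachs a LEFT JOIN pw_threads t ON t.tid=a.tid LEFT JOIN $pw_tmsgs tm ON tm.tid=a.tid LEFT JOIN pw_members m ON m.uid=a.uid WHERE a.aid='$aid' AND a.tid='$tid' AND a.fid!='0'");
	if($rt){
		$a_url = geturl($rt['attachurl'],'show');
		$rt['a_url'] = is_array($a_url) ? $a_url[0] : $a_url;
		// Denied when the forum is restricted or ifshield == 2; additionally,
		// for every group except 3 and 4, when the required rvrc is too high,
		// the post is unchecked or shielded, or the content holds a [post],
		// [hide or [sell block. (&& binds tighter than ||, so the group test
		// only guards the parenthesised content checks.)
		if(in_array($rt['fid'],$fidoff) || $rt['ifshield']=='2' || $groupid!='3' && $groupid!='4' && ($rt['needrvrc']>$userrvrc || !$rt['ifcheck'] || $rt['ifshield'] || (strpos($rt['content'],"[post]") !== false && strpos($rt['content'],"[/post]") !== false) || (strpos($rt['content'],"[hide") !== false && strpos($rt['content'],"[/hide]") !== false) || (strpos($rt['content'],"[sell") !== false && strpos($rt['content'],"[/sell]") !== false))){
			Showmsg('pic_not_exists');
		}
	} else{
		Showmsg('pic_not_exists');
	}
	// NOTE(review): the lines below assume Showmsg() ends the request; if it
	// returned, a denied attachment would still be rendered — confirm.
	$uid  = $rt['uid'];
	$type = 1;
	$owner= $rt['username'];
	!$rt['pid'] && $rt['pid']='tpc';
	!$rt['descrip'] && $rt['descrip'] = substrs($rt['subject'],20);
	require_once PrintEot('show');footer();
}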
?>